49-63
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 49 Configuring 802.1X Port-Based Authentication
Configuring 802.1X Port-Based Authentication
To configure a port as a critical port and to enable the Inaccessible Authentication Bypass feature, perform this task:
Command Purpose
Step 1
Switch# configure terminal
Enters global configuration mode.
Step 2
Switch(config)# dot1x critical
eapol
(Optional) Configures whether to send an EAPOL-Success packet when
a port is critically authorized partway through an EAP exchange.
Note Some supplicants require this.
The default is not to send EAPOL-Success packets when a port is
critically authorized partway through an EAP exchange. If there is no
ongoing EAP exchange at the time when a port is critically authorized,
EAPOL-Success packet is always sent out regardless of this option.
Step 3
[Catalyst 4900M, Catalyst 4948E, Catalyst
4948E-F, Catalyst 4948E-F, Supervisor Engine
6-E, and Supervisor Engine 6L-E] Cisco IOS
Release 12.2(50)SG and later
[Supervisor Engine 7-E, Supervisor Engine
7L-E, Supervisor Engine 8-E)]
Cisco IOS Release 15.0(1)X and later
Switch(config)# authentication
critical recovery delay msec
Cisco IOS Release 12.2(46)SG or earlier
releases
Switch(config)# dot1x critical
recovery delay msec
(Optional) Specifies a throttle rate for the reinitialization of critically
authorized ports when the RADIUS server becomes available. The default
throttle rate is 100 milliseconds. This means that 10 ports reinitialize per
second.
Step 4
Switch(config)# interface
interface-id
Specifies the port to be configured and enters interface configuration
mode.
Step 5
Switch(config-if)# switchport mode
access
or
Switch(config-if)# switchport mode
private-vlan host
Specifies a nontrunking, nontagged single VLAN Layer 2 interface.
Specifies that the ports with a valid PVLAN trunk association become active
host PVLAN trunk ports.
Step 6
Switch(config-if)# dot1x pae
authenticator
Enables 802.1X authentication on the port with default parameters.
Refer to the “Default 802.1X Configuration” section on page 49-27.
Step 7
Switch(config-if)# authentication
port-control auto
Enables 802.1X authentication on the interface.
To Next Page
Loading...
